Field of the Invention 

The present invention relates to a method and system for regulating access to a service by 
time periods. 



As used herein, references to a service are to be broadly understood to encompass any type 
of service including, without limitation, transactional services, information services and 
services that provide access to a data component such as software or digital media content. 



Background of the Invention 

Access to a service, such as a service provided over the internet, frequently requires the 
party wishing to receive the service first to obtain authorisation to do so from an 
authorisation authority. Once this authority has determined that the party is entitled to 
receive the service (as a result, for example, of the party making an appropriate payment), 
the authority may provide the party with an element evidencing that the party is entitled to 
receive the service. The party then presents this element to the provider of the service in 
order to receive the service. The authorisation authority may be part of the service provider 
organisation or may be an independent body trusted by the service provider and possibly 
acting on behalf of multiple different service providers. 

The nature of the element provided to the party by the authorisation authority to enable the 
party to prove its entitlement to a service will depend on the degree of security required. 
Thus, in some instances a simple unencrypted password may be sufficient whilst in other 
instances a more secure cryptographic-based arrangement (such as one using PKI 
technology) may be justified. 

Entitlement to a service will generally be time limited. This can be achieved, for example, 
by having the proof-of-entitlement element include an expiry date or by the service 
provider running a check before providing the service to the party. 




Existing approaches to regulating service access on a time basis and in a secure manner are 
generally inefficient and expensive both in terms of processing time and communications 
bandwidth. Furthermore, user anonymity is generally not accommodated. 

It is an object of the present invention to provide an improved way of regulating access to a 
service by time periods. 



The present invention is in part based on the appreciation that Identifier-Based Encryption 
(IBE) has certain properties that can be adapted for use in regulating access to a service by 
time periods. 

Identifier-Based Encryption (IBE) is an emerging cryptographic schema. In this schema 
(see Figure 1 of the accompanying drawings), a data provider 10 encrypts payload data 13 
using an encryption key string 14 and public data 15 provided by a trusted authority 12; the 
data provider 10 then provides the encrypted payload data 13 to a recipient 11 who 
decrypts it using a decryption key 16 provided by the trusted authority together with the 
latter's public data. The trusted authority's public data is derived by the authority using 
private data 17 and a one-way function 18. Important features of the IBE schema are that 
any kind of string (including a name, a role, etc.) can be used as an encryption key string 
14, and that the generation of the decryption key 16 is effected by the trusted authority 
(process 19) using the encryption key string 14 and its private data 17, enabling the 
generation of the decryption key 16 to be postponed until needed for decryption. Because 
the encryption key string frequently contains data identifying the intended recipient (for 
example, by a required characteristic), the encryption key string is also known as the 
identifier string. 

A number of IBE algorithms are known, one of which is the "Quadratic Residuosity" (QR) 
method described in the paper: C. Cocks, "An identity based encryption scheme based on 
quadratic residues", Proceedings of the 8th IMA International Conference on Cryptography 
and Coding, LNCS 2260, pp. 360-363, Springer-Verlag, 2001. A brief description of this 
form of IBE is given below. 
In the QR method, the trusted authority's public data 15 comprises a value N that is a product 
of two random prime numbers p and q, where the values of p and q are the private data 17 
of the trusted authority 12. The values of p and q should ideally be in the range of 2^511 and 
2^512 and should both satisfy the equation: 

p ≡ 3 (mod 4) and q ≡ 3 (mod 4) 

However, p and q must not have the same value. Also provided is a hash function # which, 
when applied to a string, returns a value in the range 0 to N-1. 

Each bit m of the user's payload data 13 is then encrypted as follows: 

- The data provider 10 generates random numbers t+ (where t+ is an integer in the 
range [0, N)) until a value of t+ is found that satisfies the equation jacobi(t+, N) = m', 
where m' has a value of -1 or 1 depending on whether the corresponding bit of the 
user's data is 0 or 1 respectively. (As is well known, the jacobi function is such that 
jacobi(x, N) takes the value 1 or -1 for any x coprime to N, and takes the value 1 
whenever x is a square modulo N, i.e. whenever some y exists with y^2 ≡ x mod N.) 
The data provider 10 then computes the value: 

s+ ≡ (t+ + #(encryption_key_string)/t+) mod N 

where s+ corresponds to the encrypted value of the bit m concerned. 

- Since #(encryption_key_string) may be non-square, the data provider additionally 
generates additional random numbers t- (integers in the range [0, N)) until one is 
found that satisfies the equation jacobi(t-, N) = m'. The data provider 10 then 
computes the value: 

s- ≡ (t- - #(encryption_key_string)/t-) mod N 

as the encrypted value of the bit m concerned. 

The encrypted values s+ and s- for each bit m of the user's data are then made available to 
the intended recipient 11, for example via e-mail or by being placed in an electronic public 
area; the identity of the trusted authority 12 and the encryption key string 14 will generally 
also be made available in the same way. 
The encryption key string 14 is passed to the trusted authority 12 by any suitable means; for 
example, the recipient 11 may pass it to the trusted authority, or some other route may be 
used (indeed, the trusted authority may itself have initially provided the encryption key 
string). The trusted authority 12 determines the associated private key B by solving the 
equation: 

B^2 ≡ #(encryption_key_string) mod N ("positive" solution) 

If a value of B does not exist, then there is a value of B that satisfies the equation: 

B^2 ≡ -#(encryption_key_string) mod N ("negative" solution) 

As N is a product of two prime numbers p, q it would be extremely difficult for anyone to 
calculate the decryption key B with only knowledge of the encryption key string and N. 
However, as the trusted authority 12 has knowledge of p and q (i.e. the two prime numbers) 
it is relatively straightforward for the trusted authority 12 to calculate B. 

Any change to the encryption key string 14 will result in a decryption key 16 that will not 
decrypt the payload data 13 correctly. Therefore, the intended recipient 11 cannot alter the 
encryption key string before supplying it to the trusted authority 12. 

The trusted authority 12 sends the decryption key to the data recipient 11 along with an 
indication of whether this is the "positive" or "negative" solution for B. 

If the "positive" solution for the decryption key has been provided, the recipient 11 can 
now recover each bit m of the payload data 13 using: 

m = jacobi(s+ + 2B, N) 

If the "negative" solution for the decryption key B has been provided, the recipient 11 
recovers each bit m using: 

m = jacobi(s- + 2B, N) 



In the foregoing example, the encryption key string has been used directly in the QR 
algorithm. It is also possible to use in the encryption process a derivative of the 
encryption key string, this derivative being formed, for example, by applying a 
predetermined hash function to the string. In this case, the entity generating the decryption 
key can still simply be supplied with the encryption key string provided it knows the 
predetermined function used to form the derivative of the encryption key string (in fact, 
this is equivalent to using a variant of the stated QR IBE algorithm in which the 
predetermined function is applied to the encryption key string wherever the latter appears). 
Where the decryption-key generating entity does not need to access the contents of the 
original encryption key string, then it need only be provided with the derivative of the 
encryption key string used during the encryption process. In the following description, 
where the term "encryption key" is used this is intended to refer to the form of the 
encryption key string used in the stated version of the IBE algorithm concerned, whether 
this is the unprocessed encryption key string or a derivative formed by subjecting the 
encryption key string to predetermined processing. 

Other IBE algorithms are known such as the use of Weil or Tate pairings - see for 
example: D. Boneh, M. Franklin - "Identity-based Encryption from the Weil Pairing" in 
Advances in Cryptology - CRYPTO 2001, LNCS 2139, pp. 213-229, Springer-Verlag, 2001. 
IBE algorithms based on the Weil or Tate pairings are usually described in terms of 
there being an IBE encryption key that is derived in a predetermined manner from an 
encryption key string (though it would be possible to re-state the algorithms such that the 
encryption key string formed the encryption key to be plugged into the algorithm). 

Summary of the Invention 

According to one aspect of the present invention, there is provided a method of regulating 
access to a service provided by a service provider, wherein a service authoriser: 

- generates for each of multiple service time periods a different respective data set 
comprising private data and public data derived using the private data; and 
- determines whether a party is entitled to receive the service for a particular said time 
period and, if so, provides that party with a decryption key for accessing the service 
during said particular time period, the decryption key being generated by the 
authoriser using an encryption key and the private data of the data set for said 
particular time period. 


The party uses the decryption key to decrypt encrypted data provided to the party by the 
service provider, decryption of this data being required by the party to receive the 
service for a current said time period; this encrypted data is formed by the service 
provider using the aforesaid encryption key and the public data of the data set for the 
current time period. The party is only able to decrypt the encrypted data using the 
decryption key provided by the authoriser where the particular time period for which the 
decryption key was generated is the current time period. Access to the service is thus 
automatically terminated at the end of the current service time period unless the party 
obtains (or has obtained) the decryption key applicable to the following service time period 
from the service authoriser. 

According to another aspect of the present invention, there is provided a computing entity 
for regulating access to a service provided by a service provider, the computing entity 
comprising: 

- first means for generating for each of multiple service time periods a different 
respective data set comprising private data and public data derived using the private 
data; 
- second means for determining whether a party is entitled to receive the service for a 
particular said time period; 
- third means for providing a party that the second means has determined is entitled to 
receive the service, with a decryption key for accessing the service during said 
particular time period, the third means including key-generating means for generating 
the decryption key using an encryption key and the private data of the data set for 
said particular time period. 

According to a further aspect of the present invention, there is provided a system for 
regulating access to a service provided by a service provider, the system comprising: 

- a first computer entity for authorising access to said service, comprising: 
  - first means for generating for each of multiple service time periods a different 
respective data set comprising private data and public data derived using the 
private data; 
  - second means for determining whether the party is entitled to receive the service 
for a particular said time period; 
  - third means for providing a party that the second means has determined is 
entitled to receive the service, with a decryption key for accessing the service 
during said particular time period, the third means including key-generating 
means for generating the decryption key using an encryption key and the private 
data of the data set for said particular time period; 
- a second computer entity, associated with the service provider, and arranged to 
provide said party with encrypted data which the party is required to decrypt to 
receive the service for a current said time period, the second computer entity being 
arranged to form said encrypted data by encrypting data using said encryption key 
and the public data of the data set for said current time period; and 
- a third computer entity, associated with said party, and arranged to use the decryption 
key provided by the first computer entity to decrypt the encrypted data provided by 
the second computer entity, the third computer entity only being able to decrypt the 
encrypted data using said decryption key where the said particular time period is said 
current time period. 

Brief Description of the Drawings 

Embodiments of the invention will now be described, by way of non-limiting example, 
with reference to the accompanying diagrammatic drawings, in which: 

• Figure 1 is a diagram illustrating the operation of a prior art encryption schema 
known as Identifier-Based Encryption; 
• Figure 2 is a diagram of an embodiment of the present invention; 
• Figure 3 is a diagram showing, for multiple services provided over multiple time 
slots, the use of different cryptographic data sets for each combination of 
service and time slot; 
• Figure 4 is a diagram showing, for one service provided over four time slots, service 
time periods defined to correspond to each time slot and each time-ordered 
combination of two or more adjacent time slots; and 
• Figure 5 is a diagram showing, for three services provided over multiple time slots, 
the use of three different cryptographic data sets for enabling a party to 
gain access to each service during respective time periods. 
Best Mode of Carrying Out the Invention 

Figure 2 illustrates a system in which a requesting party using a computing entity 20 is 
arranged to request a service from a service provider that is using a computing entity 30, 
the service only being accessible to the party if the party has or can obtain a key to decrypt 
data provided in encrypted form by the service provider. The requesting party can obtain 
the required decryption key from an authorisation authority that is using a computing entity 
40. 

The computing entities 20, 30 and 40 inter-communicate as needed via, for example, the 
internet or other computer network, though it is also possible that two or all three entities 
actually reside on the same computing platform. 

In the following, references to the requesting party, service provider and authorisation 
authority are generally used interchangeably with references to their respective computing 
entities 20, 30, 40. 

The authorisation authority 40 is arranged to determine whether the requesting party 20 is 
entitled to receive the service during a particular time period (the service being received 
once, multiple times or continuously during this period depending on the nature of the 
service and, potentially, on the extent to which the party is entitled to receive the service). 
After the authorisation authority 40 has determined that the party is entitled to receive the 
service, it provides the party with a decryption key which will enable the party to decrypt 
encrypted data provided by the service provider during the time period for which the party 
is entitled to receive the service; the provided decryption key will not decrypt data provided 
by the service provider outside of the time period for which the party is entitled to receive 
the service. 

This is achieved using Identifier-Based Encryption with the computing entities 20, 30 and 
40 having roles (so far as the IBE cryptographic processes are concerned) corresponding to 
those of the data recipient 11, the data provider 10, and the trusted authority 12 of the 
Figure 1 IBE arrangement. More particularly, the authorisation authority 40 is arranged to 
generate for each of multiple service time periods a different respective data set comprising 
private data and public data derived therefrom (thus, for the QR IBE method described 
above, each data set comprises different values of the parameters p, q and N). The service 
provider 30, in providing encrypted data to the party 20 during a current time period, uses 
an encryption key and the public data for the current service time period to encrypt the data 
it sends to the party. The authorisation authority 40, on determining that the party is entitled 
to receive the service during the aforesaid particular time period, uses the private data for 
that period and the aforesaid encryption key to generate the decryption key. This decryption 
key will only be useful in decrypting the data provided by the service provider when the 
time period in which the encrypted data was provided equals the time period associated 
with the decryption key (the period for which the party is entitled to receive the service). 

Considering the Figure 2 system in more detail, the requesting-party entity 20 comprises a 
browser 22 providing a user interface for managing interaction with the service-provider 
entity 30 and authorisation-authority entity 40; a secure data store 24 holding the 
decryption key (or keys) provided by the authorisation authority; a trusted integrity 
checking module 25; and a communications module for communicating with the other 
entities 30, 40. The browser 22 has a plug-in 23 provided, for example, by the 
authorisation-authority entity 40. The plug-in provides both control functionality for 
coordinating the operations of the entity 20, and the IBE decryption functionality needed 
by the entity 20. Where the QR IBE method is being used, the plug-in 23 thus contains the 
program code for decrypting data using a decryption key provided by the entity 40 and the 
public data N for the service time period to which the decryption key relates. 
It will be appreciated that the party 20 should preferably be unable to share the decryption 
key(s) it receives with any other party. It is for this reason that the decryption key is 
arranged to be held in the secure store 24, with the entity 20 being a trusted platform that can 
be interrogated in a trustable manner to confirm that the key is securely held and only used 
by particular processes. Thus, the decryption key is, for example, held in protected storage 
associated with a TPM (trusted platform module) and unsealed for use as described in: 

TCPA - Trusted Computing Platform Alliance Main Specification v1.1, 
www.trustedcomputing.org, 2001. 
Mechanisms suitable for enabling the entity 40 to assure itself that entity 20 is a trusted 
platform operating as expected are also described in the above document and are 
represented in Figure 2 by the trusted integrity checking module 25. 

The service-provider entity 30 comprises a control module 31 for controlling the 
operations, to be described below, that ensure that during any given service period, service 
provision is limited to parties having the decryption key appropriate for that period; a 
service provision module 32 arranged to effect service provision as permitted by the 
control module 31; an IBE encryption module 33 (in the present example implementing the 
QR method and therefore employing an encryption key, the public data N for the current 
service time period, and the hash function #); and a communications module for 
communicating with the entities 20 and 40. 
In the present example, it will be assumed that the encryption key used in the IBE 
encryption process by module 33 and in the decryption-key generation process carried out 
by the authorisation authority is well known and invariant across the service time periods. 
The encryption key is, for example, an identifier (such as a name) of the service generated 
by one of the authorisation authority 40 and the service provider 30 and made available 
both to the other of the service provider and authorisation authority, and to the party 20. 

The authorisation-authority entity 40 comprises: 

- a communications module 44 for communicating with the entities 20 and 30; 
- a service registration subsystem 41 for determining whether parties are entitled to 
receive the service provided by the service provider 30 during particular time periods 
and for providing entitled parties with the corresponding decryption keys appropriate 
for the periods for which they are entitled to receive the service; 
- a decryption-key generation module 42 for responding to a request from the subsystem 
41 for a decryption key for a specific time period, by generating the required key (using 
the encryption key and the appropriate private data value) and providing it to the 
subsystem 41; and 
- a data-set generation module 43 for generating respective data sets (each comprising 
different values of private data and public data derived from it) for each service time 
period, the key generation module 42 obtaining from the module 43 the required 
private data value for the time period in respect of which the subsystem 41 has 
requested a decryption key. 

The service time periods are, for example, successive 24hr periods or successive hour 
periods during a working day (service time periods may or may not run up against each 
other or, as will be explained below, may overlap with each other). 

The service registration subsystem 41 determines whether the party 20 is entitled to receive 
the service according to conditions specified by the service provider; for example, the sole 
condition may be payment of a service fee by the party 20 (which may be done by personal 
attendance of party 20 at an office of the authorisation authority 40, or electronically). The 
conditions that a party must meet to receive the service may vary between service time 
periods. Whatever conditions are imposed on service provision, it is the responsibility of 
the subsystem 41 to determine that party 20 is entitled to receive the service for a particular 
time period only if all conditions are met; the service provider 30 trusts the authorisation 
authority to ensure that this is the case. 

The value of the public data N for the current service time period is made available to the 
service provider 30 (see dashed arrow 49) in any suitable manner; for example, this value 
may be "pushed" to the entity 30, "pulled" by the latter from the entity 40, or simply 
published by the entity 40 for general access. Appropriate security measures may be taken 
to ensure that the value of N is not subverted in its provision to the service provider 30; 
thus the value of N may be sent over a link secured by a symmetric-key cryptographic 
arrangement. 
Having described the components of entities 20, 30 and 40, a description will now be given 
of the process by which the requesting party gains access to a service available from the 
service provider for a particular time period. In the Figure 2 embodiment, this process 
comprises the following steps: 

[1] The party 20 requests service access by registering for the service with the 
authorisation authority 40 and requesting service access (this may be done by 
personal attendance or electronically). In the present example, the request is assumed 
to be for service access during the current service time period without the party 
needing to specify this in the request. 

[2] Upon the authorisation authority 40 receiving the service-access request from party 
20, the subsystem 41 first checks whether the party 20 is entitled to receive the 
service by having met the associated access conditions specified by the service 
provider 30 (including payment of any prescribed service fee). The entity 40 may also 
check at this stage that the computing entity 20 is a trusted platform that can be 
trusted to store and use the decryption key without revealing it to other parties. If the 
party is entitled to receive the service for the current time period and if the computing 
entity passes any trusted-platform check carried out, the subsystem 41 requests the 
key generation module 42 to generate the decryption key for the current time period. 
The module 42 does this using the well-known encryption key and the private data 
for the current time period (this private data being obtained from module 43). On 
receiving the required decryption key from the module 42, the subsystem 41 returns 
the key to the party 20. The party 20 stores the decryption key in the secure store 24. 

[3] At some point during the time period associated with the decryption key stored by the 
party 20, the party 20 makes a service request to the service provider 30. The party 20 
does not identify itself to the service provider 30. 

[4] Upon the service request being received at the service provider, the control module 
31 causes the IBE module 33 to encrypt arbitrary data using both the well-known 
encryption key and the value of the public data N for the current time period (as 
judged by a clock, not shown). The control module 31 returns the encrypted data to 
the requesting party 20. 

[5] The requesting party 20 uses its stored decryption key to decrypt the encrypted data 
received from the service provider 30. The decrypted data is then sent back to the 
service provider 30 to prove that the party 20 is entitled to receive the service during 
the current time period. 

[6] The control module 31 of the service-provider entity 30 checks that the decrypted 
data received from the party 20 matches the original data and, if this is the case, the 
control module 31 enables the service provision module 32 to proceed with provision 
of the service requested by the party 20. 
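The QR encryption and decryption described earlier and the Figure 2 exchange of steps [1] to [6], carried through in Python as an added worked example; this is not code from the application or from its applicant. The hash # is realised here as SHA-256 expanded over a counter, with the extra condition from Cocks' paper that jacobi(#, N) = 1 so that one of +# and -# has a square root modulo N (the summary above does not mention this step). The period labels, the party name, the service name used as the well-known encryption key, the 64-bit size of the "arbitrary data" of step [4] and the 256-bit prime size (the text recommends about 512 bits) are all constructed for the example. The authority's per-period data sets (module 43), the entitlement check of step [2], the provider's challenge of step [4] and the comparison of step [6] are modelled; demo() shows a key issued for one slot passing in that slot and failing in the next.

```python
import hashlib
import secrets

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0: -1, 0 or 1 (0 iff gcd(a, n) > 1)."""
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        if not any((x := pow(x, 2, n)) == n - 1 for _ in range(r - 1)):
            return False                      # witness found: n is composite
    return True

def generate_data_set(bits=256):
    """One period's data set: private (p, q), distinct primes == 3 mod 4; public N = p*q."""
    primes = set()
    while len(primes) < 2:                    # top bit set, low bits 11 -> candidate == 3 mod 4
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 3
        if is_probable_prime(c):
            primes.add(c)
    p, q = primes
    return (p, q), p * q

def hash_to_zn(key, n):
    """The page's '#', plus Cocks' condition jacobi(a, N) == 1 so that +a or -a is a
    square mod N: hash key||counter (SHA-256 expansion is this example's choice) until it holds."""
    ctr, words = 0, n.bit_length() // 256 + 2
    while True:
        raw = b"".join(hashlib.sha256(f"{key}|{ctr}|{i}".encode()).digest() for i in range(words))
        if jacobi(a := int.from_bytes(raw, "big") % n, n) == 1:
            return a
        ctr += 1

def extract_decryption_key(private, n, key):
    """Authority: B with B^2 == a ("positive", +1) or B^2 == -a ("negative", -1) mod N."""
    (p, q), a = private, hash_to_zn(key, n)
    e = (n + 5 - p - q) // 8                  # square-root exponent, valid as p, q == 3 mod 4
    b = pow(a, e, n)
    if b * b % n == a:
        return b, 1
    b = pow(-a % n, e, n)
    assert b * b % n == -a % n                # jacobi(a, N) == 1 => one of +a, -a is a square
    return b, -1

def _random_t(n, sign):
    while True:                               # jacobi == 0 would mean gcd(t, N) > 1
        t = secrets.randbelow(n - 2) + 2
        if jacobi(t, n) == sign:
            return t

def encrypt_bits(bits, n, key):
    """Data provider: each bit -> (s+, s-) as on the page; bit 1 encodes as +1, bit 0 as -1."""
    a, out = hash_to_zn(key, n), []
    for m in bits:
        tp, tm = _random_t(n, 1 if m else -1), _random_t(n, 1 if m else -1)
        out.append(((tp + a * pow(tp, -1, n)) % n, (tm - a * pow(tm, -1, n)) % n))
    return out

def decrypt_bits(ct, n, b, sign):
    """Recipient: m = jacobi(s+ + 2B, N) with a positive key, jacobi(s- + 2B, N) with a negative one."""
    return [1 if jacobi((sp if sign == 1 else sm) + 2 * b, n) == 1 else 0 for sp, sm in ct]

def issue_key(data_sets, entitled, party, period, svc):
    """Entity 40, steps [1]-[2]: a key for `period` only if (party, period) is entitled."""
    if (party, period) not in entitled:
        raise PermissionError(f"{party} is not entitled for {period}")
    private, n = data_sets[period]
    return (*extract_decryption_key(private, n, svc), n)   # (B, sign, N) -> secure store 24

def provider_accepts(n_now, dec_key, svc):
    """Entity 30, steps [4]-[6]: challenge under the current N; accept iff the reply matches."""
    plain = [secrets.randbits(1) for _ in range(64)]       # step [4]: fresh arbitrary data
    b, sign, n_key = dec_key                               # step [5] happens on the party side
    return decrypt_bits(encrypt_bits(plain, n_now, svc), n_key, b, sign) == plain

def demo(svc="news-service"):
    data_sets = {pid: generate_data_set() for pid in ("slot-09:00", "slot-09:15")}   # module 43
    key = issue_key(data_sets, {("alice", "slot-09:00")}, "alice", "slot-09:00", svc)
    same, later = (provider_accepts(data_sets[pid][1], key, svc) for pid in data_sets)
    return same, later                                     # (True, False): key lapses with its slot
```

demo() returns (True, False): the same key that passes the challenge in the slot it was issued for produces random bits against the next slot's N. Two points the code makes explicit that the text leaves implicit: the square root is taken with the single exponent (N + 5 - p - q)/8, which is why p and q must both be 3 mod 4; and the "arbitrary data" of step [4] must be freshly chosen for every request, since a response to a fixed challenge, once observed, could be replayed after the period has ended.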



The service provider 30 is thus able to fulfil the party's service request even when the 
service provider has had no prior relationship with the user. The service provider 30 does 
not need to know the identity of the party 20 and can be assured that after the end of the 
service time period for which the party 20 has been authorised, any service elements 
subsequently made available by the service provider will be inaccessible to the party 20. 
Of course, the party can contact the authorisation authority 40 again to obtain the 
decryption key applicable to the next service time period, subject to the authority 
authorising the party for that period. 

The above-described approach to regulating service access on a time basis is efficient and 
inexpensive both in terms of processing time and communications bandwidth. 

In a variant of the Figure 2 process, the encrypted data sent by the service provider 30 to 
the requesting party (arrow [4] in Figure 2) is a data component of the service, such as 
software or digital media content (the service being, in effect, the provision of such items 
in accessible form); the requesting party can only access (decrypt) and use the data 
component if that party has the decryption key corresponding to the time period in which 
the service provider made the encrypted data component available. In this case, steps [5] 
and [6] will generally not be needed. It may also be noted that where the encrypted 
component effectively encompasses the service to be provided so that the party does not 
need to go back to the service provider, the party 20 can defer decryption of the encrypted 
component beyond expiration of the time period in which the encrypted data was provided, 
the decryption key for that period still being effective for data encrypted in the period. 

In a further variant of the Figure 2 embodiment, the data-set generation module 43 of the 
authorisation authority 40 is arranged to generate and store data sets for future time 
periods. This enables the party to request service access for future time periods, the periods 
of interest being specified in the request sent to the authorisation authority. In response to 
such a request, the subsystem 41 provides the appropriate decryption key for the or each 
future time period in respect of which the requesting party is determined as being entitled 
to receive the service. The decryption keys are generated by the module 42 using the 
private data of the data set generated by module 43 for the periods concerned. 
The public data values N of the generated future-period data sets are preferably made 
available by the module 43 to enable the party 20 (and service provider 30) to store these 
values for future use; this may be useful, for example, where the entity 20 may not be able 
to communicate with the authorisation authority at the time the party wants to receive the 
service from the service provider. 



By way of example, where the service time periods are formed by successive ten minute 
periods, the module 43 can be arranged to generate and store data sets for every service 
time period present in a time window spanning the next seven days, the public data of each 
such data set being made available for access to the party 20 and service provider 30. As 
each service time period elapses, the corresponding data set would be deleted from the 
module 43 and a new data set generated for the service time period that has newly appeared 
in the seven-day time window (at its future end). 
Rather than deleting the data sets of elapsed time periods, these data sets could be retained 
(for example, transferred to an archive) such that they are still available for use. This 
enables the party to obtain the decryption key appropriate for decrypting service data 
encrypted by the service provider during a past time period (the party 20 may have been 
entitled at the time to decrypt the data but has lost the key, or the party may have 
subsequently become entitled to access the encrypted data). The service provider 30 may 
itself keep an archive of encrypted data it has provided during past time periods. 

The Figure 2 arrangement can be extended to permit the party 20, if appropriately entitled, 
to obtain access to more than one service provided by the service provider 30 (or, indeed, 
by respective service providers) potentially for different periods. In this case, the 
authorisation authority is arranged to provide the party with at least one decryption key 
appropriate for the or each service and the or each time period for which the party has been 
determined as entitled, the decryption keys for each of said multiple services in the same 
time period being different from each other. In one implementation, the same data set 
(public and private data values) is used for each service during the same time period; in 
this case, the encryption keys used for each service are different from each other and, 
conveniently, the party 20 identifies the service in which it is interested by providing the 
corresponding encryption key (to the authority 40 when requesting a decryption key for the 
service, and to the service provider 30 when requesting the service itself). In an alternative 
implementation, a different data set is used for each service during the same time period; in 
this case, the encryption key can either be service specific or be the same for all services (in 
which case the party 20 must identify the service of interest in some other manner, for 
example, by the value of N associated with the service for the current time period). 

In the foregoing description of the Figure 2 embodiment the encryption key was well 
known. However, it is also possible for the party 20 to generate the encryption key and 
provide it to the authority 40 and service provider 30. Where the encryption key serves to 
identify the service desired by the party 20, it is the responsibility of the service provider to 
correctly map the supplied service identifier to the most appropriate one of the services on 
offer. Where different access conditions apply for different services, the authorisation 
authority will also need to map the service identifier to an available service in order to 
determine whether the party is entitled to receive that service; of course, the authorisation 
authority and service provider should be consistent with each other in mapping a service 
identifier to an available service. 

With respect to the service time periods, it will be appreciated that the party 20, the service 
provider 30 and the authorisation authority 40 should have a common understanding about 
when each period starts and stops. This can be achieved in a number of ways; however, in a 
preferred arrangement, the time over which service(s) are available (for example, during 
each working day) is divided into time slots, typically of the same predetermined duration. 

For example, the time slots could be of 15 minute duration and for every hour start on the 
hour, quarter past the hour, half past the hour, and a quarter to the (next) hour. This 
schedule of time slots would be made known to everyone involved. The party 20 can then 
request service provision for one or more specified time slots. 

As regards the relationship between the time slots and the service time periods in respect of 
which respective data sets are generated by the module 43, the simplest approach is for 
there to be a direct one-to-one relationship - each time slot is effectively a service time 
period and no other such periods exist. This approach is illustrated in Figure 3 where each 
successive time slot 50-59 constitutes a service time period for which there is a 
corresponding data set generated by module 43. In the Figure 3 example, there are three 
services A, B and C on offer and the party 20 has become entitled to receive service A 
during one time slot 51, service B during five time slots 53-57 and service C during two 
time slots 52, 53. Each service has a corresponding encryption key and the key generation 
module 42 is arranged to generate an appropriate decryption key for each combination of 
service and time slot for which the party is entitled to have service access, each decryption 
key being generated using the encryption key of the relevant service and the private data of 
the data set of the relevant time slot. Thus, the party 20 is provided with: 

- decryption key 60 for accessing service A during time slot 51; 

- decryption keys 61-65 for accessing service B during time slots 53-57 respectively; and 

- decryption keys 66, 67 for accessing service C during time slots 52, 53 respectively. 

In addition to there being a respective service time period for each time slot, it is also 
possible to define a service time period (with an associated data set) that spans multiple 
time slots - such a time period covering multiple time slots (not necessarily adjacent slots) 
is referred to below as a 'compound' service time period for convenience. In this case, the 
subsystem 31, on determining that the party is entitled to receive a service for all time slots 
of a compound time period, causes a single decryption key to be generated and provided to 
the party using the private data of the data set for the compound time period; as a result, the 
party only has to handle one decryption key rather than a decryption key for each time slot 
making up the compound time period. The service provider must, of course, encrypt the 
data to be provided to the party using the public data value of the data set of the compound 
time period (this may be in addition to encrypting the data using the public data of the data 
set for the current time slot). 

Compound service time periods can be used in a number of interesting ways. For example, 
for a group of successive time slots, each time slot and each of every possible time-ordered 
combination of at least two adjacent time slots can be taken as constituting a respective 
service time period for which a corresponding data set is generated by the module 43. In 
this case, for any single period in respect of which the party is entitled to receive a service 
during the time interval covered by the group of time slots, the authorisation authority need 
only provide a single decryption key to the party. However, the service provider will now 
either need to know the time period for which the party has the corresponding decryption 
key so that it can encrypt its data using the appropriate public data value, or must provide 
multiple versions of its encrypted data to the party, each version being encrypted using the 
public data value associated with a respective one of the multiple time periods that cover 
the current time slot. 

An example of such an arrangement is illustrated in Figure 4 which shows for a service 
provided over four time slots 70-73, service time periods 74-77 defined to correspond to 
each time slot and each time-ordered combination of two or more adjacent time slots. 
Thus, four time periods 74 correspond to respective ones of the time slots 70-73; three time 
periods 75 correspond to respective pairs of adjacent time slots 70+71, 71+72, 72+73; two 
time periods 76 correspond to respective triplets of adjacent time slots 70+71+72, 
71+72+73; and one time period 77 corresponds to the combination of all four time slots 
70+71+72+73. For each service time period 74-77 there is a corresponding data set 
generated by the module 43. It can be seen that for the time slot 71, for example, unless the 
service provider knows for which time period the party has the decryption key, it will need 
to respond to a service request by that party by encrypting data using the public data value 
of the data set of each of six time periods. For this reason, it is preferable that the party 
identify to the service provider the time period for which the party has the decryption key. 

By applying the approach illustrated in Figure 4 to the Figure 3 scenario, it is now only 
necessary for the authorisation authority to supply the party 20 with three decryption keys 
80, 81 and 82, one for each service, as illustrated in Figure 5. 
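The slot and period bookkeeping of Figures 3 to 5 above, as an added worked example that is not part of the patent text: it enumerates the Figure 4 compound periods for a group of slots, counts the data sets covering one slot, and compares the number of decryption keys the party holds under the Figure 3 (one key per slot) and Figure 5 (one key per run of adjacent slots) arrangements. The slot numbers and entitlements are those given in the text; the function names are my own and no cryptography is modelled, only which (service, period) pairs need a key.

```python
from typing import Dict, List, Optional, Tuple

# A service time period is a time-ordered run of adjacent slot numbers,
# e.g. (70, 71) is the period covering slots 70 and 71 (a slot on its own is (70,)).
Period = Tuple[int, ...]


def compound_periods(group: List[int]) -> List[Period]:
    """Figure 4 construction: for a group of successive slots, every single slot
    and every time-ordered combination of two or more adjacent slots is a
    service time period with its own data set."""
    n = len(group)
    return [tuple(group[i:j]) for i in range(n) for j in range(i + 1, n + 1)]


def periods_covering(slot: int, periods: List[Period]) -> List[Period]:
    """All time periods (hence all data sets) that include the given slot."""
    return [p for p in periods if slot in p]


def encryption_targets(slot: int, periods: List[Period],
                       party_period: Optional[Period] = None) -> List[Period]:
    """Periods whose public data the service provider must encrypt under for a
    request made in `slot`. If the party identified its period, one ciphertext
    suffices; otherwise one version per period covering the slot is needed."""
    if party_period is not None:
        if slot not in party_period:
            raise ValueError("party's period does not cover the current slot")
        return [party_period]
    return periods_covering(slot, periods)


def adjacent_runs(slots: List[int]) -> List[Period]:
    """Split the slots a party is entitled to into maximal runs of adjacent slots."""
    runs: List[Period] = []
    current: List[int] = []
    for s in sorted(set(slots)):
        if current and s == current[-1] + 1:
            current.append(s)
        else:
            if current:
                runs.append(tuple(current))
            current = [s]
    if current:
        runs.append(tuple(current))
    return runs


def keys_per_slot(entitlements: Dict[str, List[int]]) -> List[Tuple[str, Period]]:
    """Figure 3 arrangement: one decryption key per (service, slot)."""
    return [(svc, (s,)) for svc, slots in entitlements.items()
            for s in sorted(set(slots))]


def keys_compound(entitlements: Dict[str, List[int]],
                  group: List[int]) -> List[Tuple[str, Period]]:
    """Figure 5 arrangement: with compound periods defined over `group`, one
    decryption key per (service, run of adjacent entitled slots)."""
    available = set(compound_periods(group))
    keys: List[Tuple[str, Period]] = []
    for svc, slots in entitlements.items():
        for run in adjacent_runs(slots):
            if run not in available:
                raise ValueError(f"no data set for period {run} of service {svc}")
            keys.append((svc, run))
    return keys


if __name__ == "__main__":
    # Figure 4: slots 70-73 give ten periods, six of which cover slot 71.
    fig4 = compound_periods([70, 71, 72, 73])
    print(len(fig4), len(periods_covering(71, fig4)))  # 10 6
    # Figure 3 entitlements: A in slot 51, B in slots 53-57, C in slots 52-53.
    ent = {"A": [51], "B": [53, 54, 55, 56, 57], "C": [52, 53]}
    print(len(keys_per_slot(ent)))                         # 8 (keys 60-67)
    print(len(keys_compound(ent, list(range(50, 60)))))    # 3 (keys 80-82)
```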

An example implementation concerning provision of services to a tourist is given below, 
with reference to the corresponding elements of Figure 2: 

• A tourist (party 20) first registers with the Tourist Registration Authority (the 
authorisation authority 40). The authority 40 offers access to various services for up to 
7 days in advance in multiples of 1-hour time slots. The tourist selects a service and a 
time period over which the tourist wishes to receive the service. The service is 
described using an arbitrary bit stream that serves as the encryption key. The tourist 
pays the authority a fee for the service and upon payment being confirmed, the 
authority generates the corresponding decryption key for the service and time period 
requested (it is assumed that an arrangement similar to that illustrated in Figure 4 is 
being operated so that only a single decryption key is required for any single 
combination of time slots for a particular service). The authority 40 installs the 
decryption key and the relevant public data value in the tourist's PDA along with a 
trusted application that the user will use to access the service, e.g. in the case of a 
tourist guide service, this might be an audio player. 

• The tourist uses the application on the PDA to contact the service provider and 
requests the service by using the arbitrary string (the tourist's encryption key) to 
identify the service required; the tourist also identifies the time period for which it is 
entitled to receive the service. In return, the service provider transmits the service 
encrypted by the service name and the public data value for the service and time 
period concerned. The tourist's trusted application decrypts the service on the PDA 
using the corresponding decryption key. The service provider doesn't need to perform 
any authentication or authorization checks on the tourist as only a party with a valid 
decryption key obtained from the authority can decrypt the service. 

• The end of each 1-hour slot corresponds to the end of one or more service time 
periods. Where one of the expiring time periods is the one for which the tourist has 
the decryption key, the tourist is thereafter unable to access the service as service data 
is thereafter encrypted using a different data set to the one used for generating the 
decryption key possessed by the tourist. 

It will be appreciated that many other variants are possible to the above described 
embodiments of the invention. For example, the present invention is not limited to the QR 
IBE method used in the above-described embodiments and other analogous cryptographic 
methods can be used such as IBE methods based on Weil or Tate pairings. 

With respect to the service time periods, the beginning and/or end of one or more periods 
can be controlled by events other than clock events; such events are termed "non-clock" 
events for convenience of reference. Non-clock events include, for example, the start and 
finish of a sporting occasion whereby a service time period delimited by these events can 
be defined in correspondence to the duration of the sporting occasion. Where, as in the 
foregoing example, a service time period is of unpredictable duration, the authorisation 
authority should be arranged to immediately notify the service provider of the termination 
of the service period so that the service provider can cease using the public data N for that 
period when sending out encrypted service data; typically, the service provider will then 
switch to using the public data value for the next service time period, this value having 
been provided by the authority 40 either in advance or when the service provider is notified 
of the termination of the service time period just ended. 

The authorisation authority 40 can also be arranged to force a change at any time in the 
public data value being used by the service provider whereby to immediately revoke 
authorisation for the party 20 to use the service; in effect, this makes all service time 
periods of unpredictable duration. 

It will be appreciated that the party 20 does not need to be in the possession of a 
decryption key at the time of requesting a service from the service provider as the party can 
seek to obtain the required key from the authorisation authority after having received the 
encrypted service data. 

The service provider can encrypt data to be sent to the party during a particular time period 
in advance of that time period provided it knows the encryption key and uses the public 
data value for that particular time period (as opposed to the public data value for the time 
period current at the time the encryption is effected). 

In situations where service users are likely to be present for receiving a service over a 
limited time period (such as is the case with tourists who will normally only stay in a 
region for a period of one or two weeks), the data sets could be repeated after a period of 
time (such as a month); however, this is not preferred. 
CLAIMS 



1. A method of regulating access to a service provided by a service provider, wherein a 
service authoriser: 

- generates for each of multiple service time periods a different respective data set 
comprising private data and public data derived using the private data; and 
- determines whether a party is entitled to receive the service for a particular said time 
period and, if so, provides that party with a decryption key for accessing the service 
during said particular time period, the decryption key being generated by the 
authoriser using an encryption key and the private data of the data set for said 
particular time period. 

2. A method according to claim 1, wherein the service provider provides said party with 
encrypted data which the party is required to decrypt to receive the service for a current 
said time period, the encrypted data being data encrypted using said encryption key and the 
public data of the data set for said current time period, and the party only being able to 
decrypt the encrypted data using said decryption key provided by the authoriser where the 
said particular time period is said current time period. 

3. A method according to claim 2, wherein the data that is encrypted by the service 
provider is arbitrary data, said party being required to decrypt and return this data as 
evidence of its entitlement to receive the service for the current time period before the 
service provider provides said service to the party. 

4. A method according to claim 2, wherein the data that is encrypted by the service 
provider is a data component of the service. 

5. A method according to claim 4, wherein the data component comprises at least one of 
software and digital media content. 


6. A method according to any one of the preceding claims, wherein the encryption key is 
formed using at least an identifier of said service. 
7. A method according to claim 6, wherein the service identifier is generated by said party 
and provided by it both to the authoriser to obtain the decryption key for enabling the party 
to receive the service during said particular time period, and to the service provider. 


8. A method according to claim 7, wherein the service provider maps the service identifier 
to the most suitable one of multiple services it can provide in order to determine the service 
required by said party. 

9. A method according to claim 6, wherein the service identifier is generated by one of the 
authoriser and the service provider and made available both to the other of the service 
provider and authoriser, and to said party. 

10. A method according to any one of the preceding claims, wherein plural said data sets 
are generated in advance of the time periods to which they relate and the public data of 
these data sets are made available in advance of those time periods to at least one of said 
party and the service provider. 

11. A method according to any one of the preceding claims, wherein the time for which 
said service is available is divided into time slots, each said time period for which a 
respective said data set is generated corresponding to a respective one of said time slots. 

12. A method according to any one of claims 1 to 11, wherein the time for which said 
service is available is divided into time slots, at least one of said time periods for which a 
respective said data set is generated corresponding to a combination of multiple said time 
slots. 

13. A method according to any one of claims 1 to 11, wherein the time for which said 
service is available is divided into time slots, and wherein for a group of successive time 
slots, each time slot and each of every possible time-ordered combination of at least two 
adjacent time slots constitutes a respective said time period for which a corresponding data 
set is generated by the authoriser, the authoriser providing a single decryption key to said 
party upon determining that the party is entitled to receive said service for any time slot or 
time-ordered combination of time slots within said group. 

14. A method according to any one of claims 1 to 10, wherein at least one of the start and 
finish of a said time period is determined by the occurrence of a non-clock event. 

15. A method according to any one of the preceding claims, wherein the decryption key 
provided to said party in respect of a time period for which it is entitled to receive said 
service, is securely stored in trusted platform equipment of said party such that the 
decryption key is not accessible in cleartext form to the party but is usable to decrypt said 
encrypted data in the trusted platform. 

16. A method according to claim 1, wherein the authoriser operates to determine the 
entitlement of said party to any of multiple services for any of said multiple time periods, 
and to provide the party with at least one decryption key appropriate for the or each service 
and the or each time period for which the party has been determined as entitled, the 
decryption keys for each of said multiple services in the same time period being different 
from each other. 

17. A method according to claim 16, wherein the authoriser uses the private data of the 
same data set for each service during the same time period when generating the decryption 
key to be provided to said party, the encryption keys used for each of said multiple services 
being different from each other. 

18. A method according to claim 16, wherein the authoriser generates a respective data set 
for each combination of service and time period, the authoriser using the private data of the 
data set for the appropriate service and time period when generating the decryption key to 
be provided to said party. 

19. A computing entity for regulating access to a service provided by a service provider, 
the computing entity comprising: 
first means for generating for each of multiple service time periods a different 
respective data set comprising private data and public data derived using the private 
data; 

second means for determining whether a party is entitled to receive the service for a 
particular said time period; 

third means for providing a party that the second means has determined is entitled to 
receive the service, with a decryption key for accessing the service during said 
particular time period, the third means including key-generating means for generating 
the decryption key using an encryption key and the private data of the data set for 
said particular time period. 

20. A computing entity according to claim 19, wherein the encryption key is formed using 
at least an identifier of said service. 

21. A computing entity according to claim 20, wherein the computing entity is arranged to 
receive said service identifier from said party. 

22. A computing entity according to claim 20, wherein the computing entity is arranged to 
generate the service identifier and to make it available to the service provider and said 
party. 

23. A computing entity according to any one of claims 19 to 22, wherein the computing 
entity is arranged to use said first means to generate plural said data sets in advance of the 
time periods to which they relate, the computing entity being further arranged to make the 
public data of these data sets available in advance of those time periods to at least one of 
said party and the service provider. 

24. A computing entity according to any one of claims 19 to 23, wherein the time for 
which said service is available is divided into time slots, each said time period for which a 
respective said data set is arranged to be generated by said first means corresponding to a 
respective one of said time slots. 
25. A computing entity according to any one of claims 19 to 23, wherein the time for 
which said service is available is divided into time slots, at least one of said time periods 
for which a respective said data set is arranged to be generated by said first means 
corresponding to a combination of multiple said time slots. 

26. A computing entity according to any one of claims 19 to 23, wherein the time for 
which said service is available is divided into time slots, and wherein for a group of 
successive time slots, each time slot and each of every possible time-ordered combination 
of at least two adjacent time slots constitutes a respective said time period for which said 
first means is arranged to generate a corresponding data set, the third means being arranged 
to provide a single decryption key to said party upon the second means determining that 
the party is entitled to receive said service for any time slot or time-ordered combination of 
time slots within said group. 

27. A computing entity according to any one of claims 19 to 23, wherein the first means 
includes means for determining the occurrence of a non-clock event and for using this 
occurrence to start or finish of a said time period. 

28. A computing entity according to claim 19, wherein the second means is arranged to 
determine the entitlement of said party to any of multiple services for any of said multiple 
time periods, the third means being arranged to provide said party with at least one 
decryption key appropriate for the or each service and the or each time period for which the 
party has been determined as entitled, the decryption keys for each of said multiple services 
in the same time period being different from each other. 

29. A computing entity according to claim 28, wherein the key-generating means is 
arranged to use the private data of same data set for each service during the same time 
period when generating the decryption key to be provided to said party, the encryption keys 
used for each of said multiple services being different from each other. 

30. A computing entity according to claim 28, wherein the first means is arranged to 
generate a respective data set for each combination of service and time period, the key- 
generating means being arranged to use the private data of the data set for the appropriate 
service and time period when generating the decryption key to be provided to said party. 

31. A system for regulating access to a service provided by a service provider, the system 
comprising: 

a first computer entity for authorising access to said service, comprising: 

- first means for generating for each of multiple service time periods a different 
respective data set comprising private data and public data derived therefrom; 

- second means for determining whether the party is entitled to receive the service 
for a particular said time period; 

- third means for providing a party that the second means has determined is 
entitled to receive the service, with a decryption key for accessing the service 
during said particular time period, the third means including key-generating 
means for generating the decryption key using an encryption key and the private 
data of the data set for said particular time period; 

a second computer entity, associated with the service provider, and arranged to 
provide said party with encrypted data which the party is required to decrypt to 
receive the service for a current said time period, the second computer entity being 
arranged to form said encrypted data by encrypting data using said encryption key 
and the public data of the data set for said current time period; and 
a third computer entity, associated with said party, and arranged to use the decryption 
key provided by the first computer entity to decrypt the encrypted data provided by 
the second computer entity, the third computer entity only being able to decrypt the 
encrypted data using said decryption key where the said particular time period is said 
current time period. 

32. A system according to claim 31, wherein the data that is encrypted by the second 
computer entity is arbitrary data, said third computer entity being arranged to decrypt and 
return this data as evidence of its entitlement to receive the service for the current time 
period, and the third computer entity being arranged to respond to receipt of the correctly 
decrypted data from the third computer entity to provide said service to the party. 
33. A system according to claim 31, wherein the data that the second computer entity is 
arranged to encrypt is a data component of the service. 

34. A system according to claim 33, wherein the data component comprises at least one of 
software and digital media content. 

35. A system according to claim 31, wherein the encryption key is formed using at least an 
identifier of said service. 

36. A system according to claim 35, wherein the third computer entity is arranged to 
provide said service identifier both to the first computer entity to obtain the decryption key 
for the service for said particular time period, and to the second computer entity. 

37. A system according to claim 36, wherein the second computer entity is arranged to 
map the service identifier to the most suitable one of multiple services it can provide in 
order to determine the service required by said party. 

38. A system according to claim 35, wherein one of the first and second computer entities 
is arranged to generate the service identifier and to make it available both to the other of 
the second and first computer entities, and to the third computer entity. 

39. A system according to any one of claims 3 1 to 38, wherein the first computer entity is 
arranged to use said first means to generate plural said data sets in advance of the time 
periods to which they relate, the first computer entity being further arranged to make the 
public data of these data sets available in advance of those time periods to at least one of 
the second and third computer entities. 

40. A system according to any one of claims 31 to 39, wherein the time for which said 
service is available is divided into time slots, each said time period for which a respective 
said data set is arranged to be generated by said first means of the first computer entity 
corresponding to a respective one of said time slots. 
41. A system according to any one of claims 31 to 39, wherein the time for which said 
service is available is divided into time slots, at least one of said time periods for which a 
respective said data set is arranged to be generated by said first means of the first computer 
entity corresponding to a combination of multiple said time slots. 

42. A system according to any one of claims 31 to 39, wherein the time for which said 
service is available is divided into time slots, and wherein for a group of successive time 
slots, each time slot and each of every possible time-ordered combination of at least two 
adjacent time slots constitutes a respective said time period for which said first means of 
the first computer entity is arranged to generate a corresponding data set, the third means of 
the first computer entity being arranged to provide a single decryption key to said third 
computer entity upon the second means of the first computer entity determining whether 
the party is entitled to receive said service for any time slot or time-ordered combination of 
time slots within said group. 

43. A system according to any one of claims 31 to 39, wherein the first means of the first 
computer entity includes means for determining the occurrence of a non-clock event and 
for using this occurrence to start or finish of a said time period. 

44. A system according to any one of claims 31 to 43, wherein the third computer entity is 
a trusted platform arranged to securely store the decryption key provided to it by the first 
computer entity such that the decryption key is not externally accessible in cleartext form 
but is usable to decrypt said encrypted data in the trusted platform. 

45. A computing entity according to claim 31, wherein the second means of the first 
computer entity is arranged to determine the entitlement of said party to any of multiple 
services for any of said multiple time periods, the third means of the first computer entity 
being arranged to provide the third computer with at least one decryption key appropriate 
for the or each service and the or each time period for which the party has been determined 
as entitled, the decryption keys for each of said multiple services in the same time period 
being different from each other. 
46. A system according to claim 45, wherein the key-generating means of the first 
computer entity is arranged to use the private data of same data set for each service during 
the same time period when generating the decryption key to be provided to the third 
computer entity, the encryption keys used for each of said multiple services being different 
from each other. 

47. A system according to claim 45, wherein the first means of the first computer entity is 
arranged to generate a respective data set for each combination of service and time period, 
the key-generating means of the first computer entity being arranged to use the private data 
of the data set for the appropriate service and time period when generating the decryption 
key to be provided to said party. 
ABSTRACT 



Method and System for Regulating Access to a Service 

In order to regulate access to a service provided by a service provider (30), a service 
authoriser (40) generates for each of multiple service time periods a different respective 
data set comprising private data and public data derived using the private data. The service 
provider (30) uses the public data for a current time period and an encryption key to 
generate encrypted data which a party (20) wanting to receive the service must decrypt. 
The service authoriser (40) provides a decryption key to the party (20) after determining 
that the party is entitled to receive the service for a particular service time period; the 
decryption key is generated using the aforesaid encryption key and the private data of the 
data set for the service period concerned. The party (20) can then decrypt the encrypted 
data it receives from the service provider (30) provided that the current time period for 
which the data has been encrypted is the same time period as that for which the decryption 
key was generated. 



(Figure 2) 